Hi,

I think we discussed this in a previous thread, but I’d prefer to keep this 
part of the draft as is. Since IoT hardware is really diverse, there are some
platforms where this would be a performance gain (and others where it is not).
We don’t make strong claims in this area in the draft, so I think it is
appropriate as is. That said, if you’d like we can add some “disclaimer” text 
saying this won’t apply in all cases, but I don’t think it’s appropriate to 
remove it completely.

Thanks,

--Jack

From: Ben Schwartz <bem...@google.com>
Sent: Tuesday, February 9, 2021 10:57 AM
To: Peter Gutmann <pgut...@cs.auckland.ac.nz>
Cc: Jack Visoky <jmvis...@ra.rockwell.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

Hardware support for AES but not SHA2 is extremely common.  For devices without 
acceleration, ChaCha20-Poly1305 is likely to be faster than SHA256 (e.g. 
according to https://www.bearssl.org/speed.html).

Unless your device has hardware offload for SHA256 but _not_ for AES (a rare 
combination), you can likely do AEAD faster than these integrity-only 
ciphersuites.  The draft implies that performance ("latency", "processing 
power") is a motivation for using these ciphers.  (It also mentions "runtime 
memory footprint" and "the need to minimize the number of cryptographic 
algorithms used", which are separate considerations.)

On Mon, Feb 8, 2021 at 7:41 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
Ben Schwartz <bemasc=40google....@dmarc.ietf.org> writes:

>If you are updating the text, I would recommend removing the claim about
>performance.  In general, the ciphersuites specified in the text are likely
>to be slower than popular AEAD ciphersuites like AES-GCM.

Uhh... when is AES-GCM faster than SHA2, except on systems with hardware
support for AES-GCM and no hardware support for SHA2?

Peter.


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls